So I came across some interesting articles about getting a shell with system priv on a windows box that you have physical access to …… sounds fun 😀

There are two ways to get this access using existing windows services, both involve replacing a helper service file with cmd.exe (or other exe, but we are just getting shell for now) and invoking the “helper” via key presses at the login screen.

Shift Key x5 – “Stickey keys helper”

Most windows machines (Up to & Including Server 2008 / Windows 7 etc) will invoke the StickyKeys helper app when you hit shift 5 times, even at the login prompt.

reboot your target with your favourite bootable image (backtrack is my choice, but you can use pretty much anything). Once you are in the distro of choice, you need to mount the target drive, backup the original file and copy in cmd.exe

Of course, while you are at it, you may want to drop your favourite “network tools application” somewhere onto the target drive, so you have something fun to run in a minute, you “could” also setup a machine on the same segment as the target, with a handler ….. but what you do there is up to you.

This time when you are at your windows login screen, hit Shift 5 time and bingo – shell, with system priv

Now comes the fun part … with your networktool.exe you dropped earlier….

Ooooh calculator …. wonder what that does ….

……. somewhere on another part of the network …… not so far far away ……

Another way to achieve the same goal is with Utilman.exe & then using WindowsKey + U instead of Shift x5. Depending on the security settings locked down on the domain (GPOs) these may or may not work for you – only one way to find out.

Not overly exciting, but packed with good information for beginning the assault on Windows7. I have been a long time windows user, my main machine is a macbook, and I have several linux boxes kicking around also. This free PDF explains a lot of the Windows7 features, and im going to shoot it off to my Parents (who are using Vista) to give them a quick overview. For the less technical in our families, this may just be the book of basic answers they need.

As one of the many happy Vyatta users around the globe, I like things that make life easier to create rules etc. The web interface on Vyatta …. “needs some work” to make it useful. The following post on “Adam’s Tech Notes” is about an awesome excel spreadsheet he has created to help with firewall rule management for Vyatta. Its early days & he is looking for comments & feedback for its use – so download a copy, bang in some firewall rules & give him some support to get this off the ground.

Vyatta Excel Firewall Rule Generator

3 September 2010, 11:11 am

Vyatta is fantastic as a routing product, but one thing I always hate is having to maintain firewall rules. The web interface makes managing rules cumbersome and the command line, whilst the best way to create rules, is hopeless if you need to re-order, re-number or do any of these types of tasks. To be fair, this is a problem on most routers and is not specific to Vyatta itself.

One stop infosec shop – the Offensive Security guys have thrown a whole bunch of juicy links together in one place – its worth a look:

The Future of Information Security – Offensive Security

Information Security is a vast and deep realm with many facets. Often, companies find themselves confused trying to find quality training, effective awareness programs or more meaningful certifications. In the end, many are left searching Google trying to find answers.

Offensive Security has has put together a set of resources to help your company in its mission to become more secure. Our mission statement is – “Security Through Education“. To us that is not just a statement, it is a way of life. Below is a list of resources that are at your disposal to give you some of the best security based education in the world today.

Ok Ok …. I know im 2 years late to post this as a “new” presentation – but there is some interesting & valuable info in here about pentesting your internal network. Its starts out pretty high level, but is a nice rounded overview on the reasons, methods & tools that you can use to penetration test your network. Hosted by CoreSecurity & presented by Paul Asadoorian from pauldotcom.

Part 1 has some great grounding information in penetration testing, examples in here for several tools (nmap, nessus, nbtscan etc) and also ways to link them together, eg, run an nmap scan across the network, identifying windows hosts listening on 445, use the nmap scripting engine to determine if they are vulnerable – and use that list of hosts in nessus or metasploit etc.

Part 2 contains more information on why should you exploit a machine, how to exploit etc, using both Metasploit & Core Impact. Some useful info on tasks to perform once you have compromised a host – automated info gathering, looking for sensitive data, gathering screenshots, video, sound recordings etc etc. This segment ends with some good tips on how to report this information to management, then some Q&A.

there is some great info in here, its worth a look.

Part 1:

This webcast is Part I of a two part series I am doing in collaboration with Core Security Technologies. The presentation is full of tips, tricks, process, and practical knowledge about performing penetration testing within your own organization. Whether you are a third-party doing penetration tests or want to penetration test your internal network, this webcast is for you! In Part I I cover such topics as finding rogue access points, processes for creating a successful penetration testing program, identifying targets, and more! Information and resources are below:

* How to determine if internal penetration testing is right for your organization
* What questions you should ask when planning a pen testing initiative
* How you can best pitch testing to other departments and gain permission from management
* What types of tests to run and how to address the process of dealing with compromised devices
* Which tips and tricks can help you carry out faster, more effective testing

Whether you’re considering rolling out an internal penetration testing program or need a refresher of best practices for your current testing initiatives, this webcast is sure to be time well-spent.

I just want to share a nice little tool I have been using to troubleshoot web page load times, and also as an easy way to see all the components of a loaded page without having to view source. You can simply load up the plugin, hit record, go to the website & you get a breakdown of each object, the time it takes to load and the link for it. It makes calls like “my internet is slow” easier to measure. Its free (for the basic version) and I find it very useful. Check it out. – HttpWatch

HttpWatch integrates with Internet Explorer and Firefox browsers to show you exactly what HTTP traffic is triggered when you access a web page. If you access a site that uses secure HTTPS connections, HttpWatch automatically displays the decrypted form of the network traffic.

Screenshot of HttpWatch

Conventional network monitoring tools just display low level data captured from the network. In contrast, HttpWatch has been optimized for displaying HTTP traffic and allows you to quickly see the values of headers, cookies, query strings and more…

HttpWatch also supports non-interactive examination of HTTP data. When log files are saved, a complete record of the HTTP traffic is saved in a compact file. You can even examine log files that your customers and suppliers have recorded using the free Basic Edition.

me

otherblogs

podcasts

Hak5 – security podcast
Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn’t your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the ho